On September 18, 2017, Piriform announced that CCleaner version 5.33.6162 and CCleaner Cloud version 1.07.3191 for 32-bit Windows operating systems had been modified to include malicious code. This was another serious attack on the software supply chain, coming in the month following the Xshell backdoor incident.
The malicious code misuses CCleaner's digital signature, so the download activity does not trigger any alerts and users are unaware of it. Moreover, hackers can also steal private information from user computers.
See the following for more information about the vulnerability.
CCleaner is a system cleaning tool developed by Piriform. Piriform was recently acquired by Avast, a security product vendor. CCleaner is used to clean unwanted files from Windows operating systems to free up disk space. It can also clear temporary Internet files.
After a user installs the infected software on a computer, hackers can obtain private information from that computer, including the system name, MAC address, system version, installed software, and process information. The obtained information is then transferred to the console server, which poses a high level of risk.
The CCleaner client has a wide range of users, so the vulnerability has a great impact. The affected versions include:
- CCleaner version 5.33.6162
- CCleaner Cloud version 1.07.3191
If CCleaner has been installed on your computer, we recommend that you uninstall it and configure a security group policy to prohibit communication with the console address.
Users of the PC edition are advised to upgrade the software to the latest version as soon as possible.
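One way to triage a software inventory against the affected builds listed above, as an added example that is not code from Piriform or from this advisory. The CSV column names, host names and status labels are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Affected builds exactly as listed in the advisory (product -> version tuple).
AFFECTED = {
    "ccleaner": (5, 33, 6162),
    "ccleaner cloud": (1, 7, 3191),
}

# Constructed sample inventory export; columns and hosts are assumptions.
SAMPLE_INVENTORY = """host,product,version,os_arch
ws-001,CCleaner,5.33.6162,x86
ws-002,CCleaner,5.34.6207,x86
ws-003,CCleaner Cloud,1.07.3191,x86
ws-004,CCleaner,v5.33.6162,x64
ws-005,7-Zip,16.04,x86
ws-006,CCleaner,5.33,x86
"""

def parse_version(text):
    """Turn '1.07.3191' or 'v5.33.6162' into a tuple of ints; None if malformed."""
    try:
        return tuple(int(p) for p in text.strip().lstrip("vV").split("."))
    except ValueError:
        return None

def triage(inventory_csv):
    """Return (host, status) for every row naming a product from the advisory."""
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        target = AFFECTED.get(row["product"].strip().lower())
        if target is None:
            continue  # product not named in the advisory
        version = parse_version(row["version"])
        truncated = version is not None and len(version) < len(target)
        if version is None or (truncated and version == target[:len(version)]):
            status = "unknown"       # build number missing: check the host by hand
        elif version != target:
            status = "not-affected"
        elif row["os_arch"].strip().lower() in ("x86", "32-bit"):
            status = "affected"      # listed build on 32-bit Windows
        else:
            status = "review"        # listed build, but not a 32-bit OS
        results.append((row["host"], status))
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a version string too short to rule out the listed build, so they are kept in the follow-up set rather than cleared.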
Indicators of Compromise (IoCs)